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AMENDMENTS TO THE CLAIMS 

Please amend the claims as indicated hereafter (where underlining "_" 
denotes additions and strikethrough "-" denotes deletions). 
Claims: 

1 . (Currently Amended) A method for providing information on system 
vulnerabilities, comprising: 

populating a database with element or system vulnerability information as 

determined for a user by an examination engine : 
obtaining keywords from profile or policy-descriptive information for the 
system; and 

selecting a database page to access from a database structure configured 
as a hierarchical plurality of database pages, each database page 
having a page index, data section and selector section, and utilizing 
keyword matching between the descriptive information and selector 
section to provide obtain vulnerability information for an element or 
combination of elements. 



2. (Currently Amended) The method of claim 1 , further comprising 
storing intermediate result or status information obtained from the selecting step 
a database page in a state accumulator module. 
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3. (Original) The method of claim 2, further comprising performing a 
check of the state accumulator module for intermediate result or status 
information. 

4. (Currently Amended) The method of claim 3, wherein the selecting 
step a database page further comprises matching keywords utilizing result or 
status information stored in the state accumulator module. 

5. (Original) The method of claim 4, further comprising sending the 
vulnerability information to a vulnerability accumulator module; 

retaining page selector information for database pages accessed; 
and 

updating intermediate result or status information in the state 
accumulator module. 

6. (Currently Amended) The method of claim 5, further comprising 
detecting a selection of input from a user, including profile or policy-descriptive 
system information provided by the user, to continue the obtaining keywords step 
and selecting step a database page for same element. 



Serial No.: 10/611,637 
Art Unit: 2132 
Page 4 

7. (Currently Amended) The method of claim 1 , further comprising 
repeating the obtaining keywords step and selecting step a database page for 
another element or element combination. 

8. (Original) The method of claim 1 , further comprising updating at least 
one of an element counter value, combination counter value, cycle counter value, 
or cumulative cycle counter value. 

9. (Original) The method of claim 5, further comprising updating the 
database with an element counter value. 

1 0. (Currently Amended) The method of claim 9, further comprising 
updating the database with ajist of database pages or indices accessed to 
provide for accumulated vulnerability results for examined element or system. 

1 1 . (Original) The method of claim 10, further comprising presenting the 
accumulated vulnerability results to a user's processing device. 

12. (Currently Amended) The method of claim 1 , further comprising 
filtering information on the element or combination of elements prior to 
p e rform i ng th e obtaining keywords step. 
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1 3. (Original) The method of claim 2, further comprising identifying and 
selecting particular combinations of system elements to process based on 
vulnerability information obtained from the database as well as on state 
information stored in the state accumulator. 

14. (Currently Amended) A computer-readable storage medium having a 
computer program for providing information on system vulnerabilities , the 
computer-readable storage medium comprising for p e rform i ng th e st e ps of : 

logic configured to populate a database with element or system 
vulnerability information as determined for a user by an 
examination engine : 

logic configured to query a database to obtain descriptive information for 
the system; 

logic configured to select a database page to access from a database 
structure configured as a hierarchical plurality of database pages, 
each database page having a page index, data section and selector 
section; and 

logic configured to perform keyword matching between the descriptive 
information and selector section to provide obta i n vulnerability 
information for an element or combination of elements. 



Serial No.: 10/611,637 
Art Unit: 2132 
Page 6 

1 5. (Currently Amended) The computer-readable storage medium of 
claim 14, further comprising logic configured to store intermediate result or status 
information obtained from the select logic in a state accumulator module. 

16. (Currently Amended) The computer-readable storage medium of 
claim 15, further comprising logic configured to perform a check of a state 
accumulator module for intermediate result or status information. 

1 7. (Currently Amended) The computer-readable storage medium of 
claim 16, wherein the logic configured to select from a database page to access 
is further configured to match keywords utilizing result or status information 
stored in the state accumulator module. 

18. (Currently Amended) The computer-readable storage medium of 
claim 17, further comprising 

logic configured to send the vulnerability information to a 

vulnerability accumulator module; 
logic configured to retain page selector information for database 

pages accessed; and 
logic configured to update intermediate result or status information 

in the state accumulator module. 
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1 9. (Currently Amended) The computer-readable storage medium of 
claim 18, further comprising logic configured to detect a selection of input from a 
user, including profile/policy-descriptive system information provided by the user, 
to continue the performing of query logic and select logic for same element. 

20. (Currently Amended) The computer-readable storage medium of 
claim 14, further comprising logic configured to continue cycling by repeating the 
performing of query logic and select logic for another element or element 
combination. 

21 . (Currently Amended) The computer-readable storage medium of 
claim 14, further comprising logic configured to update at least one of an element 
counter value, combination counter value, cycle counter value, or cumulative 
cycle counter value. 

22. (Currently Amended) The computer-readable storage medium of 
claim 18, further comprising logic configured to update the database with at least 
one of an element counter value, combination counter value, cycle counter value, 
or cumulative cycle counter value. 
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23. (Currently Amended) The computer-readable storage medium of 
claim 22, further comprising logic configured to update the database with a list of 
database pages or indices accessed to provide for accumulated vulnerability 
results for examined element or system. 

24. (Currently Amended) The computer-readable storage medium of 
claim 23, further comprising logic configured to present the accumulated 
vulnerability results to a user's processing device. 

25. (Currently Amended) The computer-readable storage medium of 
claim 14, further comprising logic configured to filter information on the element 
or combination of elements prior to performing the query logic. 
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26. (Currently Amended) A system for providing information on system 

vulnerabilities, comprising: 

a database populated with descriptive system information as determined 

for a user by an examination engine : 
a database structure configured as a hierarchical plurality of database 
pages, each database page further comprises a page index, data 
section and selector section, and wherein the data section is further 
configured to include the element vulnerability information and the 
selector section is further configured to include links to related 
database pages; 

a rule processor module configured to enable rules for cycling through the 
database structure to match keywords provided by user input, 
including profile/policy-descriptive system information provided by 
the user, and the descriptive system information from the database 
with element vulnerability information from the database structure; 
and 

a presentation module configured to present results of keyword matches. 
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27. (Original) The system of claim 26, further comprising an input 
parser/filter module operatively coupled to the rule processor module, the input 
parser/filter module configured to receive policy or profile input from a user's 
processing device and to convert the input into data usable by the rule processor 
module. 

28. (Original) The system of claim 26, further comprising a state 
accumulator module operatively coupled to the rule processor module, the state 
accumulator module configured to store intermediate vulnerability status or result 
information. 

29. (Original) The system of claim 26, further comprising a vulnerability 
accumulator module operatively coupled to the rule processor module, the 
vulnerability accumulator module configured to store identified vulnerability result 
information. 

30. (Previously Amended) The system of claim 26, wherein the 
presentation module is operatively coupled to a user's processing device and the 
vulnerability accumulator module, the presentation module configured to 
summarize and format accumulated vulnerability results for utilization by the 
user's processing device. 
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31 . (Original) The system of claim 26, further comprising a database 
interface module operatively coupled between the database, database structure, 
and the result accumulator module, the database interface module configured to 
enable provisioning and access to the database and the database structure. 

32. (Original) The system of claim 26, wherein the database comprises an 
element descriptive database (EDD). 

33. (Original) The system of claim 26, wherein the database structure 
comprises a hierarchical vulnerability database (HVD) structure. 

34. (Original) The system of claim 28, wherein the rules processor 
module is further configured to utilize accumulated state information from the 
state accumulator module to modify the matching or filtering of keywords, such 
that a likelihood of success of a probability of matching or filtering of keywords is 
changed based upon at least one of probabilistic, statistical, conditional pre- 
requisite item, occurrence, situation, or rules information. 



35.-39. (Cancelled). 
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40. (New) A method for providing information on system vulnerabilities, 
comprising: 

populating a database with element or system vulnerability information; 
obtaining keywords from profile or policy-descriptive information for the 
system; 

selecting a database page to access from a database structure configured 
as a hierarchical plurality of database pages, each database page 
having a page index, data section and selector section, and utilizing 
keyword matching between the descriptive information and selector 
section to provide vulnerability information for an element or 
combination of elements; 

matching keywords utilizing result or status information stored in the state 
accumulator module; 

storing intermediate result or status information obtained from selecting a 
database page in a state accumulator module; and 

performing a check of the state accumulator module for intermediate result 
or status information. 
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41 . (New) The method of claim 40, further comprising: 

sending the vulnerability information to a vulnerability accumulator module; 
retaining page selector information for database pages accessed; and 
updating intermediate result or status information in the state accumulator 
module. 

42. (New) The method of claim 41 , further comprising detecting a 
selection of input from a user, including profile or policy-descriptive system 
information provided by the user, to continue obtaining keywords and selecting a 
database page for same element. 

43. (New) The method of claim 41 , further comprising updating the 
database with an element counter value. 

44. (New) The method of claim 43, further comprising updating the 
database with a list of database pages or indices accessed to provide for 
accumulated vulnerability results for examined element or system. 

45. (New) The method of claim 44, further comprising presenting the 
accumulated vulnerability results to a user's processing device. 
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46. (New) A system for providing information on system vulnerabilities, 

comprising: 

a database populated with descriptive system information as determined 
for a user by an examination engine; 

a database structure configured as a hierarchical plurality of database 
pages, each database page further comprises a page index, data 
section and selector section, and wherein the data section is further 
configured to include the element vulnerability information and the 
selector section is further configured to include links to related 
database pages; 

a rule processor module configured to enable rules for cycling through the 
database structure to match keywords provided by user input, 
including profile/policy-descriptive system information provided by 
the user, and the descriptive system information from the database 
with element vulnerability information from the database structure, 
and configured to utilize accumulated state information from the 
state accumulator module to modify the matching or filtering of 
keywords, such that a likelihood of success of a probability of 
matching or filtering of keywords is changed based upon at least 
one of probabilistic, statistical, conditional pre-requisite item, 
occurrence, situation, or rules information; 
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a presentation module configured to present results of keyword matches; 
and 

a state accumulator module operatively coupled to the rule processor 
module, the state accumulator module configured to store 
intermediate vulnerability status or result information. 



